Unrated severity · NVD Advisory · Published Jan 16, 2019 · Updated Sep 16, 2024
Failure to properly clean up closed OMAPI connections can exhaust available sockets
CVE-2017-3144
Description
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
Affected products (14)
- osv-coords (13 versions)
  - pkg:rpm/opensuse/dhcp&distro=openSUSE%20Tumbleweed, range: < 4.4.2.P1-2.4
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2, range: < 4.3.3-10.11.1
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3, range: < 4.3.3-10.11.1
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4, range: < 4.2.4.P2-0.28.5.3
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2, range: < 4.3.3-10.11.1
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3, range: < 4.3.3-10.11.1
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2, range: < 4.3.3-10.11.1
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4, range: < 4.2.4.P2-0.28.5.3
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2, range: < 4.3.3-10.11.1
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3, range: < 4.3.3-10.11.1
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4, range: < 4.2.4.P2-0.28.5.3
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2, range: < 4.3.3-10.11.1
  - pkg:rpm/suse/dhcp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3, range: < 4.3.3-10.11.1
- ISC/ISC DHCP · v5 · Range: ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
Patches
No patches discovered yet.
References (6)
- access.redhat.com/errata/RHSA-2018:0158 (mitre, vendor-advisory, x_refsource_REDHAT)
- usn.ubuntu.com/3586-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2018/dsa-4133 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.securityfocus.com/bid/102726 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1040194 (mitre, vdb-entry, x_refsource_SECTRACK)
- kb.isc.org/docs/aa-01541 (mitre, x_refsource_CONFIRM)